Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/2a/89f071-5631-45db-a7e5-cd6152261c6f/1/AE2mLYOhoDFS09wfEKMtDnQuEPA.roa
File:                     AE2mLYOhoDFS09wfEKMtDnQuEPA.roa (raw, json)
Hash identifier:          Eq1krz5L3rL2qf3We/1ql4Gncj5+vLOt7CQS9vFNEL8=
Subject key identifier:   00:4D:A6:2D:83:A1:A0:31:52:D3:DC:1F:10:A3:2D:0E:74:2E:10:F0
Certificate issuer:       /CN=131881732a3e245a959bc679e0458c39f893e46b
Certificate serial:       019321F737CD186E0CCE71EE2C01F8F23158
Authority key identifier: 13:18:81:73:2A:3E:24:5A:95:9B:C6:79:E0:45:8C:39:F8:93:E4:6B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/ExiBcyo-JFqVm8Z54EWMOfiT5Gs.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/2a/89f071-5631-45db-a7e5-cd6152261c6f/1/AE2mLYOhoDFS09wfEKMtDnQuEPA.roa
Signing time:             Tue 12 Nov 2024 20:01:10 +0000
ROA not before:           Tue 12 Nov 2024 20:01:10 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     200207
IP address blocks:        5.144.180.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/2a/89f071-5631-45db-a7e5-cd6152261c6f/1/ExiBcyo-JFqVm8Z54EWMOfiT5Gs.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/2a/89f071-5631-45db-a7e5-cd6152261c6f/1/ExiBcyo-JFqVm8Z54EWMOfiT5Gs.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/ExiBcyo-JFqVm8Z54EWMOfiT5Gs.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 26 Nov 2024 12:00:43 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:93:21:f7:37:cd:18:6e:0c:ce:71:ee:2c:01:f8:f2:31:58
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=131881732a3e245a959bc679e0458c39f893e46b
        Validity
            Not Before: Nov 12 20:01:10 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=004da62d83a1a03152d3dc1f10a32d0e742e10f0
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:aa:73:ff:07:cc:b5:c4:e6:d0:0e:ee:5d:19:24:
                    d0:21:af:3d:39:8f:e2:44:04:1c:aa:9e:d7:87:93:
                    07:ba:a1:c8:cd:6a:6e:e1:84:ce:30:04:77:a3:f4:
                    26:7c:f0:07:66:20:05:68:96:0e:91:cb:00:34:65:
                    ee:c8:82:14:71:d2:ba:88:74:a7:ab:7b:3c:9b:4c:
                    68:0b:eb:15:e1:af:cd:c1:2a:bc:3b:83:49:a2:c1:
                    4c:9c:74:a0:82:8b:78:f3:f7:28:0a:8f:c4:2c:59:
                    d6:53:13:55:52:24:7a:3e:86:55:8a:0d:54:94:85:
                    dd:30:1f:0c:93:e4:f3:a4:a3:b5:83:f2:43:b0:f5:
                    4f:6d:71:75:77:59:18:9f:63:44:3e:a5:ae:87:f5:
                    e5:17:6d:ff:8f:c0:aa:0e:38:7a:25:0c:7f:b6:61:
                    62:49:c2:a0:72:e8:d2:04:ef:4b:f1:3d:07:c5:57:
                    7b:cb:a1:05:93:ee:08:45:00:ea:9b:3d:75:aa:67:
                    e9:a0:07:fd:4d:d7:fb:72:91:ef:d4:ba:99:d5:da:
                    b8:e6:d6:3b:48:d7:11:72:a6:b4:5d:3e:6c:32:f8:
                    77:a5:2b:84:72:15:05:8a:78:70:02:f7:a1:06:5f:
                    d5:16:78:09:47:4f:fe:19:35:dc:c7:28:e8:7f:2f:
                    3f:c5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                00:4D:A6:2D:83:A1:A0:31:52:D3:DC:1F:10:A3:2D:0E:74:2E:10:F0
            X509v3 Authority Key Identifier:
                keyid:13:18:81:73:2A:3E:24:5A:95:9B:C6:79:E0:45:8C:39:F8:93:E4:6B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/ExiBcyo-JFqVm8Z54EWMOfiT5Gs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/2a/89f071-5631-45db-a7e5-cd6152261c6f/1/AE2mLYOhoDFS09wfEKMtDnQuEPA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/2a/89f071-5631-45db-a7e5-cd6152261c6f/1/ExiBcyo-JFqVm8Z54EWMOfiT5Gs.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  5.144.180.0/24

    Signature Algorithm: sha256WithRSAEncryption
         59:d6:df:6f:ea:28:57:d4:5f:3d:08:dd:ab:66:61:c6:d6:6f:
         e6:61:f5:eb:6a:2f:f2:96:13:94:52:d4:fe:7b:09:a3:51:45:
         09:97:0d:36:32:64:01:1e:46:b1:a2:0a:2d:6f:c1:9a:ff:da:
         cb:4d:d3:7f:4e:15:39:bf:47:b9:86:7d:ee:db:50:c6:f0:55:
         ef:a4:fd:bc:62:9f:db:ab:c0:32:40:23:74:69:7b:40:06:f1:
         a3:f1:96:25:d9:3f:ff:b9:71:e6:74:c9:4b:ef:88:f1:3d:c1:
         a7:5d:0c:1c:ce:78:54:f3:a7:e6:18:4a:2b:a6:7f:8f:c1:83:
         5f:4b:ae:83:53:c3:1a:2e:a2:ba:a4:47:cd:1e:66:14:fc:59:
         f7:7d:c3:ca:90:19:71:d5:fe:85:67:bf:7a:30:45:63:43:bb:
         82:9a:7f:a6:61:1b:55:83:73:93:7b:1a:83:a5:98:96:92:43:
         b8:d9:18:9d:2e:4a:06:dd:2b:7e:2a:14:73:24:27:eb:7a:fb:
         ec:a7:d2:6b:d5:49:7d:63:fb:ec:43:87:5d:e5:1d:e6:e9:c5:
         5a:ef:45:50:34:03:ca:a0:89:89:6e:99:38:1c:20:b2:9b:b0:
         88:1d:3f:a1:8f:78:ac:17:c6:6f:20:27:47:95:a4:1a:5d:3b:
         a3:b6:5b:19
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZMh9zfNGG4MznHuLAH48jFYMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDEzMTg4MTczMmEzZTI0NWE5NTliYzY3OWUwNDU4YzM5Zjg5
M2U0NmIwHhcNMjQxMTEyMjAwMTEwWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwMDRkYTYyZDgzYTFhMDMxNTJkM2RjMWYxMGEzMmQwZTc0MmUxMGYwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqnP/B8y1xObQDu5dGSTQIa89OY/i
RAQcqp7Xh5MHuqHIzWpu4YTOMAR3o/QmfPAHZiAFaJYOkcsANGXuyIIUcdK6iHSn
q3s8m0xoC+sV4a/NwSq8O4NJosFMnHSggot48/coCo/ELFnWUxNVUiR6PoZVig1U
lIXdMB8Mk+TzpKO1g/JDsPVPbXF1d1kYn2NEPqWuh/XlF23/j8CqDjh6JQx/tmFi
ScKgcujSBO9L8T0HxVd7y6EFk+4IRQDqmz11qmfpoAf9Tdf7cpHv1LqZ1dq45tY7
SNcRcqa0XT5sMvh3pSuEchUFinhwAvehBl/VFngJR0/+GTXcxyjofy8/xQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFABNpi2DoaAxUtPcHxCjLQ50LhDwMB8GA1UdIwQY
MBaAFBMYgXMqPiRalZvGeeBFjDn4k+RrMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRXhpQmN5by1KRnFWbThaNTRFV01PZmlUNUdzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yYS84OWYwNzEtNTYzMS00NWRiLWE3ZTUt
Y2Q2MTUyMjYxYzZmLzEvQUUybUxZT2hvREZTMDl3ZkVLTXREblF1RVBBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yYS84OWYwNzEtNTYzMS00NWRiLWE3ZTUtY2Q2MTUyMjYxYzZm
LzEvRXhpQmN5by1KRnFWbThaNTRFV01PZmlUNUdzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQABZC0MA0G
CSqGSIb3DQEBCwUAA4IBAQBZ1t9v6ihX1F89CN2rZmHG1m/mYfXrai/ylhOUUtT+
ewmjUUUJlw02MmQBHkaxogotb8Ga/9rLTdN/ThU5v0e5hn3u21DG8FXvpP28Yp/b
q8AyQCN0aXtABvGj8ZYl2T//uXHmdMlL74jxPcGnXQwcznhU86fmGEorpn+PwYNf
S66DU8MaLqK6pEfNHmYU/Fn3fcPKkBlx1f6FZ796MEVjQ7uCmn+mYRtVg3OTexqD
pZiWkkO42RidLkoG3St+KhRzJCfrevvsp9Jr1Ul9Y/vsQ4dd5R3m6cVa70VQNAPK
oImJbpk4HCCym7CIHT+hj3isF8ZvICdHlaQaXTujtlsZ
-----END CERTIFICATE-----